[icinga-checkins] icinga.org: icinga2/master: Revert " Only set SSL_OP_NO_COMPRESSION if supported"

git at icinga.org git at icinga.org
Wed May 25 16:07:25 CEST 2016


Module: icinga2
Branch: master
Commit: 55095e67568c5e0111caca69fd20631121bdb5a0
URL:    https://git.icinga.org/?p=icinga2.git;a=commit;h=55095e67568c5e0111caca69fd20631121bdb5a0

Author: Michael Friedrich <michael.friedrich at netways.de>
Date:   Wed May 25 16:06:47 2016 +0200

Revert "Only set SSL_OP_NO_COMPRESSION if supported"

This reverts commit a4562fb433f2ce46996069b3caffc7ad0eaefa08.

---

 lib/base/tlsutility.cpp |    8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
index df373ba..4a18e33 100644
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -85,13 +85,7 @@ boost::shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& pr
 
 	boost::shared_ptr<SSL_CTX> sslContext = boost::shared_ptr<SSL_CTX>(SSL_CTX_new(SSLv23_method()), SSL_CTX_free);
 
-	long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-
-#ifdef SSL_OP_NO_COMPRESSION
-	flags |= SSL_OP_NO_COMPRESSION;
-#endif
-
-	SSL_CTX_set_options(sslContext.get(), flags);
+	SSL_CTX_set_options(sslContext.get(), SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
 
 	SSL_CTX_set_mode(sslContext.get(), SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 	SSL_CTX_set_session_id_context(sslContext.get(), (const unsigned char *)"Icinga 2", 8);



More information about the icinga-checkins mailing list